In recent years, a service provider, such as an enterprise or a service providing corporation, authenticates the ID and password of a user and provides the user with a service.
Therefore, the user has to manage the ID and password for each of the services. In order to tighten the security, each service provider requires that the user change the password regularly or use a long complicated password.
When a financial institution is used online, the use of a random card or a one-time password is recommended for proof of identity. In this case, the user has to manage a one-time password device and a random number table for each of the services.
On the other hand, the service provider has to manage and authenticate the ID and password for each user, and provide a service to that user. The service provider maintains high security for each user by utilizing the one-time password device and the random number table, because these help reduce cost and are easy to operate. To ensure high security, the one-time password device and random number table of one service provider are not shared with another service provider.
As described above, the user and the service provider have to manage the password, the one-time password device and the random number table. This kind of management may become complicated and degrade convenience, since the number of items to be managed increases with the number of combinations of users and services. To solve this problem, authentication federation based on single sign-on (SSO) has come to be used, which enables the user to use a number of services with a single authentication operation.
In order to use single sign-on, a plurality of service providers have to build a relationship of trust, and authentication federation has to be performed among the systems of the service providers.
However, the authentication federation described above requires that each service provider manage the system of another service provider. Accordingly, the operation may become complicated, degrading the convenience of the service providers.
Furthermore, if the systems are based on different authentication levels, the authentication federation described above does not ensure safe use of single sign-on, and the convenience of the user is degraded thereby.
In addition, the service provider cannot easily provide a highly secure environment such as biometric authentication, and there is a possibility that the service provider will continue to use the environment it has built. As a result, the authentication method provided to the user may be fixed.
Meanwhile, an IDaaS (Identity as a Service) corporation is known as a corporation which undertakes the job of managing users' IDs for service providers.
Accordingly, the embodiments are intended to provide an authentication system, method, and storage medium that enable an authentication method to be easily changed while simultaneously maintaining the convenience of the users and service providers.